This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Trend Micro First view 2007-08-22
Product Pc-Cillin Internet Security 2007 Last view 2007-10-30
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.3:*:*:*:*:*:*:* 1
cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.2_patch:*:*:*:*:*:*:* 1
cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.2:*:*:*:*:*:*:* 1
cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:15.0:*:*:*:*:*:*:* 1
cpe:2.3:a:trend_micro:pc-cillin_internet_security_2007:*:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.6 2007-10-30 CVE-2007-4277

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.

6.9 2007-08-22 CVE-2007-3873

Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
39755 Trend Micro Multiple Products AntiVirus Scan Engine Tmxpflt.sys Tmfilter Filt...
36630 Trend Micro Multiple Products SSAPI Module vstlib32.dll VST Local Overflow

Nessus® Vulnerability Scanner

id Description
2007-10-26 Name: The remote Windows host contains a program that is affected by a local buffer...
File: trendmicro_tmxpflt_overflow.nasl - Type: ACT_GATHER_INFO